# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2022 Mikhail Morfikov
# SPDX-License-Identifier: GPL-2.0-only

# Abstraction (no profile header of its own): the rules below are merged into
# whichever profile includes this file.
# NOTE(review): judging by the paths and the chromium-common.d include name,
# the consumers are Chromium-based programs - confirm against the including profiles.

abi <abi/3.0>,

# The following rules are needed only when the kernel.unprivileged_userns_clone option is set
# to "1".
# NOTE(review): a capability rule only permits use of a capability the task
# already holds; it does not grant one. The rules are not limited to a user
# namespace, though, so an including profile that runs with real privileges is
# allowed sys_admin, sys_chroot, setuid and setgid as well - worth checking per
# including profile, sys_admin especially.
capability sys_admin,
capability sys_chroot,
capability setuid,
capability setgid,
# Write access to the ID-mapping control files, restricted by "owner" to
# entries owned by the confined task's user.
# NOTE(review): @{PROC} and @{pid} are tunables defined outside this file; if
# @{pid} is a numeric glob rather than "self", these rules also match the map
# files of other processes of the same user - confirm.
owner @{PROC}/@{pid}/setgroups w,
owner @{PROC}/@{pid}/gid_map w,
owner @{PROC}/@{pid}/uid_map w,

# "r" on a path ending in "/" allows listing the directory itself, so the names
# of every entry in /tmp and /var/tmp are visible to the confined process; the
# contents are covered only by the owner rules that follow.
/tmp/ r,
/var/tmp/ r,
# Chromium scratch entries: the first rule matches a plain file, the second a
# directory of the same name plus everything beneath it ({,**}).
owner /tmp/.org.chromium.Chromium.* rw,
owner /tmp/.org.chromium.Chromium.*/{,**} rw,
# Only the directory and three fixed names inside it are allowed, and those
# names are write-only.
# NOTE(review): these look like Chromium's process-singleton files - confirm.
owner /tmp/scoped_dir*/ rw,
owner /tmp/scoped_dir*/SingletonCookie w,
owner /tmp/scoped_dir*/SingletonSocket w,
owner /tmp/scoped_dir*/SS w,

# Listing of /dev/shm (exposes the names of all entries) plus read/write on the
# user's own Chromium-prefixed entries.
/dev/shm/ r,
owner /dev/shm/.org.chromium.Chromium.* rw,

# @{user_share_dirs} is a tunable defined outside this file.
owner @{user_share_dirs}/.org.chromium.Chromium.* rw,

# Should this be read-only? (##FIXME##)
# The rules are currently read/write to avoid the following error:
#   Error initializing NSS with a persistent database
# NOTE(review): cert9.db and key4.db are the user's NSS certificate and key
# stores, and ~/.pki/nssdb is presumably shared with other NSS-based programs of
# the same user. Write access lets the confined program change stored
# certificates, trust settings and keys, which is the trade-off behind the
# FIXME above. "k" additionally allows file locking on the two databases.
owner @{HOME}/.pki/ rw,
owner @{HOME}/.pki/nssdb/ rw,
owner @{HOME}/.pki/nssdb/pkcs11.txt rw,
owner @{HOME}/.pki/nssdb/{cert9,key4}.db rwk,
owner @{HOME}/.pki/nssdb/{cert9,key4}.db-journal rw,

# Optional local additions, read only if the path exists. Anything placed there
# widens every profile that includes this abstraction, so the location should be
# writable by root only.
include if exists <abstractions/chromium-common.d>